DETAILED ACTION

1. This written action is responding to the Request for Continued Examination
(RCE) dated 08/14/2009.

2. Claims 1, 4-5, 49-50, 53, 56-59, 62, and 63 have been amended. Claim 64 has 
been canceled. All other claims are originally presented. 

3. Claims 1, 4-6, 11, 32-34, 40-50, 53-54, 56-63, and 65 have been submitted for 
examination. 


Continued Examination Under 37 CFR 1.114 

4. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since 
this application is eligible for continued examination under 37 CFR 1.114, and the 
fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous 
Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's 
submission filed on 08/14/2009 has been entered. 


Response To Arguments 

5. Applicant's amendment, filed on Aug. 14, 2009, has claims 1, 4-5, 49-50, 53,
56-59, 62, and 63 amended. Claim 64 has been canceled, and all other claims are
originally presented.

6. Applicant's arguments are moot in view of a new ground of rejection based on 
the newly found prior art by Baum et al. (U.S. Patent 6,400,707), which discloses 
the real-time (i.e., audio stream, video stream, voice stream, etc.) packet
content, in combination with other previously cited prior art. Please refer to the 
rejections above. 

7. Applicant's remark has been fully considered, but found not persuasive based on 
the reasons below. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, 
or any new and useful improvement thereof, may obtain a patent therefore, subject to the conditions and 
requirements of this title. 

8. Claims 50, 53-54, and 56-57 of the claimed invention are directed to
non-statutory subject matter.

i. Claim 50 recites the limitation of a computer readable storage medium
which, according to the Specification (see parag. [0019] of the patent
publication), is not limited to a medium of a statutory type, and is
therefore held nonstatutory. The claimed "computer/machine readable medium"
must be a physical structure, not a signal, which permits the functionality
to be realized with the computer. In addition, transitory forms of signal
transmission through a transmission medium, such as radio broadcast,
electrical signals through a wire, and light pulses through a fiber-optic
cable, are embodiments that are not directed to statutory subject matter
because those transmissions, which convey only information encoded in that
manner, are transitory (In re Nuijten 84 U.S.P.Q.2d 1495). On the other
hand, a claim limitation that specifically recites the medium as
non-transitory and of a statutory type, while still according to the
specification, would overcome the deficiency.
Appropriate correction is required.
ii. Claims 53-54 and 56-57 are dependent claims that inherit the deficiency of
the corresponding independent claim 50. Therefore, claims 53-54 and 56-57
are also rejected under 35 U.S.C. 101 as not falling within one of the four
statutory categories of invention.


Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 1, 4-5, 11, 32-34, 40-50, 53, 56-63, and 65 are rejected under 35 U.S.C.
103(a) as being unpatentable over Fink et al. (U.S. Patent 6,496,935) and further
in view of Joyce (U.S. Patent 6,519,703) and Baum et al. (U.S. Patent
6,400,707).

i. Referring to Claims 1, 49, 50, and 62:

As per Claim 1, Fink et al. disclose an apparatus comprising:


a firewall [(fig. 1)] configured to: 
receive data packets over a first network [Packets which are permitted
to pass through gateway 15 from external network 14 are then 
received by one of a plurality of protected nodes 20 (lines 335-37, 
Col. 5)]; 

classify the received data packets based on the contents of the data
packets into packets of a first type and second type [inspects the 
contents of such packet or packets (line 67, Col. 6). Pre-filtering 
module 30 also preferably features a classification engine 38, 
including a data processor, for at least partially analyzing the 
information from the packet (lines 4-6, Col. 8)]; 
Fink et al. do not expressly disclose the remaining limitations of the 
claim. However, Joyce discloses packets which cannot contain virus 
and packets which can contain a virus and the virus scanning engine for 
testing if the packet contains virus [Prior to use, heuristic firewall 10B 
is trained to perform specific desired tasks. In this embodiment, 
for example, a first heuristic stage 36 is trained to recognize 
absolute high-confidence traffic, computer virus and Trojan 
signatures, denial-of-service attack signatures, and other computer 
security exploit signatures. After training and during use, if 
heuristic stage 36 clears a packet stream with a "high-confidence" 
rating (i.e., an analysis of the packets 22 by heuristic stage 36 
results in a high level of confidence that the packet stream does 
not contain threats that heuristic stage 36 is trained to detect),
buffer 24 releases the packets into a secured channel 38 directly 
into network 30. If heuristic stage 36 processing results in only a 
lesser confidence rating (i.e., a "good-confidence" rating) that 
threats are absent, buffer 24 releases the packets into a traditional 
firewall rule base 12 for standard processing. In this case, the 
output of traditional firewall rule base 12 is buffer 28. If heuristic 
stage 36 determines that the packet stream is certainly corrupted or 
otherwise undesired or that threats are detected ("poor-confidence"),
buffer 24 shunts the packets elsewhere, for example,
either out of the firewall (e.g., to a "bit bucket" such as /dev/null, 
where they are discarded) or it shunts them elsewhere 26 for 
additional processing. If heuristic stage 36 is not certain as to the 
validity of the packets ("marginal-confidence"), buffer 24 releases 
the packets into complex firewall rule base 14 for processing. The 
output of complex firewall rule base 24 is buffer 40 (lines 32-58, Col. 
3)]; and forward the data packets of the first type to a destination without 
testing by a virus scanning engine and without transmission of the data 
packets to the virus scanning engine [rating (i.e., an analysis of the 
packets 22 by heuristic stage 36 results in a high level of 
confidence that the packet stream does not contain threats that 
heuristic stage 36 is trained to detect), buffer 24 releases the 
packets into a secured channel 38 directly into network 30 (lines
30-43, Col. 3)] and forward the data packets of the second type of a 
virus scanning engine for testing [buffer 24 shunts the packets 
elsewhere, for example, either out of the firewall (e.g., to a "bit 
bucket" such as /dev/null, where they are discarded) or it shunts 
them elsewhere 26 for additional processing. If heuristic stage 36 
is not certain as to the validity of the packets ("marginal-confidence"),
buffer 24 releases the packets into complex firewall
rule base 14 for processing (lines 51-57, Col. 3). If heuristic stage
36 rates packets 22 as either good-confidence or marginal-confidence,
the packets are forwarded to another heuristic stage
44. Heuristic stage 44 is pre-trained to look for temporal and other 
anomalies in packet streams including, but not limited to, one or 
more of the following: temporal attack signatures, frequency 
analysis, in-transit packet modification, forged-packet indicators, 
out-of-band (OOB) communications, and/or covert channel 
communications (lines 59-67, Col. 39)]. 

Fink et al. and Joyce are analogous art because they are from similar
technology relating to information security and packet scanning. It would
have been obvious to one of ordinary skill in the art at the time the
invention was made to combine the system disclosed in Fink et al. with
Joyce since one would have been motivated to provide methods and
apparatus for a heuristic firewall that can learn from and adapt to data
flowing through them to better mitigate such security threats (lines 34-37, 
Col. 1 from Joyce). 

Fink and Joyce do not expressly disclose the remaining limitation of the 
claim. However, Baum et al. disclose the limitation regarding classifying 
the received includes determining whether at least one of the data 
packets includes content for a real-time audio or video data stream by 
teaching [(lines 41-59, Col. 2; lines 61-62, Col. 5; and lines 25-57, 
Col. 6 from Baum)]; 

Fink et al., Joyce, and Baum et al. are analogous art because they are 
from similar technology relating to information security and packet 
scanning. It would have been obvious to one of ordinary skill in the art at
the time the invention was made to combine the system disclosed in Fink
et al. and Joyce with Baum et al. since one would have been motivated
to provide methods and apparatus for a firewall that filters the content of
the real-time stream in order to provide real time firewall security (lines
11-13, Col. 1 from Baum et al.).

As per Claim 49, it is a method claim that corresponds to the apparatus
claim 1. Therefore, Claim 49 is rejected for the same rationale as of
Claim 1.

As per Claim 50, it is a storage medium claim that corresponds to the
apparatus claim 1. In addition, Fink et al. disclose a computer program
stored on a storage medium [The device comprising: (a) a memory
for storing at least one instruction (lines 22-23, Col. 3). The method
of the present invention could be described as a series of steps
performed by a data processor, and as such could optionally be
implemented as software, hardware, firmware, or a combination
thereof (lines 63-66, Col. 3)]. Therefore, Claim 50 is rejected for the
same rationale as of Claim 1.

As per Claim 62, it is an apparatus claim that shares similar limitations
as of claim 1. In addition, Fink et al. disclose memory and processor
[The device comprising: (a) a memory for storing at least one
instruction (lines 22-23, Col. 3). The method of the present 
invention could be described as a series of steps performed by a 
data processor, and as such could optionally be implemented as 
software, hardware, firmware, or a combination thereof (lines 63-66, 
Col. 3)]. Therefore, Claim 62 is rejected for the same rationale as of 
Claim 1. 

ii. Referring to Claims 4 and 58:

As per Claim 4, Fink et al., Joyce, and Baum et al. disclose the 
apparatus of claim 1 comprising: 
wherein the classifying comprises determining that data packets of the
first type contain real time data [(lines 1-5, Abstract and lines 32-39, 
Col. 3 from Joyce)]. In addition, Baum et al. disclose the limitation 
regarding the real time data other than the audio or video data stream
[(lines 55-59, Col. 2 from Baum et al.); where the real data is voice
data stream]. 

As per Claim 58, the rejection of claim 49 is incorporated. In addition,
Claim 58 encompasses limitations that are similar to those of Claim 4.
Therefore, it is rejected with the same rationale as of Claim 4.

iii. Referring to Claims 5, 57, 59, and 63:

As per Claim 5, Fink et al., Joyce, and Baum et al. disclose the 
apparatus of claim 4. Fink et al. and Joyce further disclose wherein the 
classifying comprises determining that data packets of the first type as in 
Claim 1, and Baum further discloses classifying (i.e., filtering) the
packets which are part of the audio or video data stream [(lines 41-59, 
Col. 2; lines 61-62, Col. 5; and lines 25-57, Col. 6 from Baum)]. 

As per Claim 57, the rejection of claim 53 is incorporated. In addition, 
Claim 57 encompasses limitations that are similar to those of Claim 5. 
Therefore, it is rejected with the same rationale as of Claim 5.

As per Claim 59, the rejection of claim 58 is incorporated. In addition,
Claim 59 encompasses limitations that are similar to those of Claim 5. 
Therefore, it is rejected with the same rationale as of Claim 5. 

As per Claim 63, the rejection of claim 62 is incorporated. In addition, 
Claim 63 encompasses limitations that are similar to those of Claim 5. 
Therefore, it is rejected with the same rationale as of Claim 5.

iv. Referring to Claim 11:

As per Claim 11, Fink et al., Joyce, and Baum et al. disclose the 
apparatus of claim 1, further comprising a buffer configured to store the
data packets of the second type while the virus scanning engine is 
testing the data packets to detect a virus [(lines 39-65, Col. 2 from 
Joyce)]. 

v. Referring to Claims 32, 56, and 60:

As per Claim 32, Fink et al., Joyce, and Baum et al. disclose the 
apparatus of claim 1, wherein the firewall is configured to receive from a 
packet classification database, information defining the first and second 
types of data packets [(lines 4-7 and lines 38-41, Col. 8 from Fink et 
al.)].

As per Claim 56, the rejection of claim 50 is incorporated. In addition,
Claim 56 encompasses limitations that are similar to those of Claim 32. 
Therefore, it is rejected with the same rationale as of Claim 32. 


As per Claim 60, the rejection of claim 49 is incorporated. In addition, 
Claim 60 encompasses limitations that are similar to those of Claim 32. 
Therefore, it is rejected with the same rationale as of Claim 32. 

vi. Referring to Claim 33: 

As per Claim 33, Fink et al., Joyce, and Baum et al. disclose the 
apparatus of claim 32, further comprising: 

a virus scanning engine configured to receive from a virus detection 
database, programming information controlling the testing of the data 
packets of the second type by the virus scanning engine [(lines 30-40, 
Col. 2 from Joyce)]. 

vii. Referring to Claim 34: 

As per Claim 34, Fink et al., Joyce, and Baum et al. disclose the 
apparatus of claim 1, further comprising:

a virus scanning engine configured to receive from a virus detection 
database, programming information controlling the testing of the data 
packets of the second type by the virus scanning engine [(lines 30-40, 
Col. 2 from Joyce)].

viii. Referring to Claim 40:

As per Claim 40, Fink et al., Joyce, and Baum et al. disclose the
apparatus of claim 1, further comprising configured to alert the 
destination upon detection of a virus in the data packets [(lines 61-67, 
Col. 4 from Joyce)]. 

ix. Referring to Claim 41:

As per Claim 41, Fink et al., Joyce, and Baum et al. disclose the 
apparatus of claim 1 wherein the destination is a local area network 
[protected network 12 (Fig. 1 from Fink et al.)]. 

x. Referring to Claim 42:

As per Claim 42, Fink et al., Joyce, and Baum et al. disclose the 
apparatus of claim 1 wherein the destination is a personal computer 
[protected node 20 (Fig. 1 from Joyce)]. 

xi. Referring to Claim 43: 

As per Claim 43, Fink et al., Joyce, and Baum et al. disclose the 
apparatus of claim 1, wherein the destination is a second network 
[protected network 12 (Fig. 1 from Fink et al.)]. 

xii. Referring to Claim 44: 

As per Claim 44, Fink et al., Joyce, and Baum et al. disclose the 
apparatus of claim 1, wherein the first network is a wide area network 
[external network 14 (Fig 1 from Fink et al.)]. 

xiii. Referring to Claim 45:

As per Claim 45, Fink et al., Joyce, and Baum et al. disclose the
apparatus of claim 44, wherein the wide area network is the Internet 
[External network 14 could optionally be the Internet, for example 
(lines 28-29, Col. 5 from Fink et al.)]. 

xiv. Referring to Claim 46:

As per Claim 46, Fink et al., Joyce, and Baum et al. disclose the 
apparatus of claim 1, wherein the destination comprises an Internet 
service provider configured to connect coupled to a gateway, 
a modem configured to connect to the Internet service provider, and one 
of a local area or personal computer configured to connect to the modem 
[(Fig. 1 from Fink et al.) and (lines 50-55, Col. 4 from Joyce)]. 

xv. Referring to Claim 47:

As per Claim 47, Fink et al., Joyce, and Baum et al. disclose the
apparatus of claim 1, further comprising a virus scanning engine 
configured to decode the data packets during the testing of the data 
packets [(lines 69-67, Col. 3 from Joyce) and (lines 4-11, Col. 7 from 
Fink et al.)].

xvi. Referring to Claim 48:

As per Claim 48, Fink et al., Joyce, and Baum et al. disclose the 
apparatus of claim 47, wherein the virus scanning engine is configured 
to function functions as a proxy for a destination processor configured to
receive which receives the data packets [(Fig. 1 from Fink et al.) and
(lines 50-55, Col. 4 from Joyce)]. 

xvii. Referring to Claim 53: 

As per Claim 53, Fink et al., Joyce, and Baum et al. disclose the method
of claim 49. In addition, Baum et al. disclose wherein the classifying 
comprises that the data packets of the first type include the content for 
the real-time audio or video data stream [(lines 41-59, Col. 2; lines 61-62,
Col. 5; and lines 25-57, Col. 6 from Baum et al.)].

xviii. Referring to Claim 61: 

As per Claim 61, Fink et al., Joyce, and Baum et al. disclose the method 
of claim 49, wherein the classifying is performed by a firewall [(lines 6-8, 
Col. 5; lines 65-67, Col. 6; lines 4-7, Col. 8 from Fink et al.)].

xix. Referring to Claim 65:

As per Claim 65, Fink et al., Joyce, and Baum et al. disclose a computer 
program in accordance with claim 49, wherein the classification is 
performed by a firewall [(lines 30-40, Col. 2 and lines 32-58, Col. 3 
from Joyce)]. 

10. Claims 6 and 54 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Fink et al. (U.S. Patent 6,496,935), Joyce (U.S. Patent 6,519,703), and Baum et
al. (U.S. Patent 6,400,707) and further in view of Lyle (U.S. Patent 6,886,012).

i. Referring to Claims 6 and 54:

As per Claim 6, Fink et al., Joyce, and Baum et al. disclose the
apparatus of claim 1. Fink et al., Joyce, and Baum et al. disclose the
firewall as in Claim 1. Fink et al., Joyce, and Baum et al. do not
expressly disclose the remaining limitations of the claim. However, Lyle
discloses stop reception of a data stream containing the data packets in
response to an alert from the virus scanning engine [(lines 28-34, Col.
14 from Lyle)].

Fink et al., Joyce, Baum et al., and Lyle are analogous art because they
are from similar technology relating to Internet security regarding data
communications. It would have been obvious to one of ordinary skill in
the art at the time the invention was made to modify Fink et al., Joyce,
and Baum et al. with Lyle to have the various components in the
gateway communicating with an alert message if the malicious code is
detected, and to stop the data flow into the protected network in such a
scenario since one would be motivated to have a way to share
information about an attack, dynamically and without human intervention
(lines 20-22, Col. 2 from Lyle).

As per Claim 54, the rejection of claim 50 is incorporated. In addition,
Claim 54 encompasses limitations that are similar to those of Claim 6. 
Therefore, it is rejected with the same rationale as of Claim 6.

Note: Examiner has pointed out particular references contained in the
prior arts of record and in the body of this action for the convenience of 
the applicant. Although the specified citations are representative of the 
teachings in the art and are applied to the specific limitations within the 
individual claim, other passages and figures may apply as well. 
Applicant should consider the entire prior art as applicable to the 
limitations of the claims. It is respectfully requested from the applicant, 
in preparing for response, to consider fully the entire reference as 
potentially teaching all or part of the claimed invention, as well as the 
context of the passage as taught by the prior arts or disclosed by the 
Examiner. 


Conclusion 

11. The prior art made of record and not relied upon is considered pertinent to
applicant's disclosure.
i. Cordelia et al. (U.S. Pub. 2002/0013911) disclose a general purpose 
modified single board computer (MSBC) device for operational and 
performance enhancement of computer systems. The modification 
configures the bus interface function of the (MSBC) such that it can reside 
on the expansion-bus of a host computer system and operate as an add-in 
card to the hosting system. This device provides the means to employ
the resources of a full computer system, to enhance the operation and 
performance of an information system hosting this device. The MSBC 
permits a "system in system" architecture thus efficiently enabling advanced 
capabilities for existing and future computer and information systems.

12. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Yin-Chen Shaw, whose telephone number is 
(571) 272-8593. The examiner can normally be reached on Monday-Friday from 
9:30 AM - 6:30 PM Eastern Time. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Edan Orgad can be reached on 571-272-7884. 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
P.O. Box 1450 
Alexandria, VA 22313-1450 
Or faxed to: 

(571)273-3800 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 
(571)272-2100. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197
(toll-free).
YCS

Oct. 21, 2009

/Kambiz Zand/

Supervisory Patent Examiner, Art Unit 2434 


